From: José Pekkarinen
Date: Wed, 15 Sep 2021 12:14:59 +0300
To: Baruch Siach
Cc: buildroot@buildroot.org
Subject: Re: [Buildroot] [PATCH v2] package/iptables: add init script

On Tue, Sep 14, 2021 at 7:22 PM Baruch Siach <baruch@tkos.co.il> wrote:

> Hi José,
>
> On Tue, Sep 14 2021, José Pekkarinen wrote:
> > This patch will add an init script that allows
> > to set a ruleset in /etc/iptables.conf to be loaded
> > on boot, or flushed on stop, as well as a saving
> > command to generate a new file.
> >
> > Signed-off-by: José Pekkarinen <jose.pekkarinen@unikie.com>
> > ---
> > [v1 -> v2] s/touch $(DESTDIR)/touch $(TARGET_DIR)/
> >
> >  package/iptables/S41iptables | 58 ++++++++++++++++++++++++++++++++++++
> >  package/iptables/iptables.mk |  6 ++++
> >  2 files changed, 64 insertions(+)
> >  create mode 100644 package/iptables/S41iptables
> >
> > diff --git a/package/iptables/S41iptables b/package/iptables/S41iptable= s > > new file mode 100644 > > index 0000000000..93998b78de > > --- /dev/null > > +++ b/package/iptables/S41iptables 
> > @@ -0,0 +1,58 @@ > > +#!/bin/sh > > + > > +DAEMON=3D"iptables" > > + > > +IPTABLES_ARGS=3D"" > > + > > +start() { > > + printf 'Starting %s: ' "$DAEMON" > > + iptables-restore < /etc/iptables.conf > > + status=3D$? > > + if [ "$status" -eq 0 ]; then > > + echo "OK" > > + else > > + echo "FAIL" > > + fi > > + return "$status" > > +} > > + > > +stop() { > > + printf 'Stopping %s: ' "$DAEMON" > > + iptables -F > > + status=3D$? > > + if [ "$status" -eq 0 ]; then > > + echo "OK" > > + else > > + echo "FAIL" > > + fi > > + return "$status" > > +} > > + > > +restart() { > > + stop > > + sleep 1 > > + start > > +} > > + > > +save() { > > + printf 'Saving %s: ' "$DAEMON" > > + iptables-save > /etc/iptables.conf
>
> What about read-only rootfs?
>

    Very good point, will it work if we check the rootfs
whether is ro or rw, and execute on that behalf?

    Thanks for the comments!

    José.

> baruch
>
> > + status=3D$? > > + if [ "$status" -eq 0 ]; then > > + echo "OK" > > + else > > + echo "FAIL" > > + fi > > + return "$status" > > +} > > + > > +case "$1" in > > + start|stop|restart|save) > > + "$1";; > > + reload) > > + # Restart, since there is no true "reload" feature. > > + restart;; > > + *) > > + echo "Usage: $0 {start|stop|restart|reload}" > > + exit 1 > > +esac > > diff --git a/package/iptables/iptables.mk b/package/iptables/iptables.m= k > > index dc01466607..1d3612dbf6 100644 > > --- a/package/iptables/iptables.mk > > +++ b/package/iptables/iptables.mk 
> > @@ -57,4 +57,10 @@ define IPTABLES_LINUX_CONFIG_FIXUPS > > $(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XTABLES) > > endef > > > > +define IPTABLES_INSTALL_INIT_SYSV > > + $(INSTALL) -m 0755 -D package/iptables/S41iptables \ > > + $(TARGET_DIR)/etc/init.d/S41iptables > > + touch $(TARGET_DIR)/etc/iptables.conf > > +endef > > + > > $(eval $(autotools-package))
> >
>
> --
>                                                      ~. .~   Tk Open Systems
> =}------------------------------------------------ooO--U--Ooo------------{=
>    - baruch@tkos.co.il - tel: +972.52.368.4656, http://www.tkos.co.il -
>

--
José.
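Review bot: In package/iptables/S41iptables, restart() runs stop, then "sleep 1", then start, so every restart or reload leaves the filter table with no rules and only its chain policies in force for at least a second. iptables-restore already flushes the tables it loads unless --noflush is given, so restart can call start directly and drop the flush and the sleep. Other points in the same hunk: stop() uses "iptables -F", which clears the filter table only and leaves chain policies and the other tables as they were; save() redirects straight into /etc/iptables.conf, so the shell truncates the existing ruleset before iptables-save has produced anything (writing to a temporary file and renaming it would keep the old ruleset on failure, including the read-only rootfs case raised in this thread); the usage string lists reload but not save; and IPTABLES_ARGS is set but never used.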
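Review bot: In package/iptables/iptables.mk, the "touch $(TARGET_DIR)/etc/iptables.conf" line ships an empty ruleset file with whatever mode the build umask gives it, and that empty file is what start() feeds to iptables-restore on first boot. Suggest not creating the file here and having S41iptables skip loading when /etc/iptables.conf is missing or empty (a "[ -s /etc/iptables.conf ]" test), or, if the file must exist, creating it with an explicit restrictive mode. The hook also covers SysV init only; if systemd images are expected to load the ruleset too, that should be stated in the commit message or handled with a matching IPTABLES_INSTALL_INIT_SYSTEMD.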
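One way to do the check asked about in the reply above, as an added example (not code from the patch or from Buildroot): `rootfs_mode` reads the mount options for `/`, and `save_ruleset` refuses to write on a read-only root and otherwise saves through a temporary file so a failed dump never truncates the existing ruleset. The function names and the `MOUNTS`/`CONF` variables are assumptions made for the example, and it assumes /etc lives on the root filesystem.

```shell
#!/bin/sh
# Added example, not part of the patch. MOUNTS and CONF are hypothetical
# knobs so the logic can be exercised against constructed input.
MOUNTS="${MOUNTS:-/proc/mounts}"
CONF="${CONF:-/etc/iptables.conf}"

# Print "ro", "rw" or "unknown" for the filesystem mounted on "/".
# /proc/mounts may list "/" more than once (e.g. "rootfs" first, then the
# real device); the last entry is the one in effect.
rootfs_mode() {
	awk '
		$2 == "/" {
			mode = "rw"
			n = split($4, opt, ",")
			for (i = 1; i <= n; i++)
				if (opt[i] == "ro") mode = "ro"
		}
		END { print (mode == "" ? "unknown" : mode) }
	' "$MOUNTS"
}

# Run the dump command given as arguments and install its output as $CONF.
# Returns 2 without touching anything when "/" is not writable, 1 when the
# dump fails or is empty (the previous ruleset is kept), 0 on success.
save_ruleset() {
	if [ "$(rootfs_mode)" != "rw" ]; then
		echo "rootfs is not mounted rw, ruleset not saved" >&2
		return 2
	fi
	tmp="$CONF.tmp.$$"
	# Temp file in the same directory so mv is an atomic rename.
	if ( umask 077; "$@" > "$tmp" ) && [ -s "$tmp" ] && mv -f "$tmp" "$CONF"; then
		return 0
	fi
	rm -f "$tmp"
	return 1
}

# In the init script's save(): save_ruleset iptables-save
```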

